Whether you are a one-man band IFA, a small company or one of the largest firms in the land, you now need to prove that you are actively working to comply with the regulations, rather than simply registering for data protection status with the ICO and leaving it at that. By the way, you have all already done your ICO registration, haven’t you? Just checking.
The focus on accountability under the GDPR now means that you have to have undertaken certain steps to be able to prove that you have considered the risks in relation to the protection of the personal data that you hold.
You also have to be able to show the steps you have taken to comply, which is trickier to do unless you take a structured approach to your data processing.
Smaller organisations are likely to take a smaller-scale approach to accountability than a large firm, according to the ICO, but the ICO is explicit that even this should “ensure a good level of understanding and awareness of data protection among your staff; implement comprehensive but proportionate policies and procedures for handling personal data; and keep records of what you do and why”.
Since the legislation soon comes into force, time is now seriously ticking for any firm that has not yet done anything about it. By the time you read this, you will have a maximum of two to three days left to ensure you comply before the deadline.
So, it is vital not to sit on your hands, but instead get in touch with your customers and make sure they are happy to keep in touch with you. You may even find that it brings in some new business from those you have not had direct contact with for some time.
Alison Steed is a freelance journalist